In ISO/IEC 27001, human resources (HR) security refers to the controls that are put in place to protect the organisations information assets from security risks associated with its employees, contractors, and other third-party workers. This includes risks related to the recruitment, training, and management of staff, as well as risks related to the termination of staff.

Human resources security controls typically include the following:

  1. Background checking: Conducting background checks on new employees and contractors to ensure they are suitable for the position and do not pose a security risk.
  2. Job role definition: Defining the security responsibilities of each job role and ensuring that employees understand their responsibilities and obligations.
  3. Security awareness training: Providing security awareness training to all employees and contractors to ensure they understand their responsibilities and are aware of the latest threats and vulnerabilities.
  4. Access controls: Restricting access to the organisations information assets to only those employees who need it to perform their job duties.
  5. Exit management: Managing the process of terminating employees or contractors, including the return of company property and the revocation of access to company systems.
  6. Incident management: Having incident management processes in place to detect and respond to security incidents, in which employees might be involved.
  7. Non-disclosure agreements: Requiring employees and contractors to sign non-disclosure agreements to prevent the unauthorised disclosure of confidential information.

It's important to remember that human resources security is not just a one-time process but rather an ongoing effort, that should be part of the overall ISMS. It should be integrated with the other controls and process, such as access control, incident management and compliance.

Regular review of the human resources security controls, should be conducted, and updated as necessary, to make sure it is still effective and relevant. Also, it is important to communicate and create a security culture in the organisation that promotes compliance with the HR security controls.